Slashdot Mirror
Sun Slips Firefox Extension Into Java Update
pcardno writes "It seems it's not just Microsoft that have spotted a good opportunity to distribute their software through Firefox Addons. On installing the latest annoying, sysbar bubble based Java update, my Firefox informed me that I had a wonderful new Java addon automatically. Here's the addon screenshot. Yes, I could opt out of it, but why are Sun installing Addons to my Firefox without me making specific choices in the application itself? To be clear — I have never chosen to install this Addon, yet it has been installed without my permission with the latest Java Update."
The problem is that this should be an opt-in system, not opt-out later by going in.
You talk about convenience, but they certainly don't offer as convenient of an opt-out as they should have.
In order to have this happen to you, you have to install a completely optional automatic update package from Java, so you are opting in.
That it doesn't ask you again later doesn't mean much.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
And of course, if you were a dumbass who didn't understand what extensions were, you might say No out of fear, and then later decide you don't like java. And then later decide buying an iPHone isn't that bad, because it doesn't support java, but java never works anyway.
At some point, you have to let the machine work for you. Remember all the people who complained about windows asking your permission before doing anything possibly harmful? Seems like whether you ask people or not, someone is going to whine on either side of the fence.
In a world of whiners, I'd rather have Javascript work on their browsers.
There's enough problems with things BROKEN because people DON'T do automatic updates. Then when updates to happen automatically, people STILL whine.
Can't win.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
It helps preload the JVM so that any Java applets load faster.
It's not some evil conspiracy.
You told it to update your computer. It didn't tell you exactly what it was doing. Does Microsoft Update tell you everything it's going to touch?
If you don't like it, run Linux, install SELinux and block everything by default.
Not trying to sound like a dick, but this really is a non-issue.
The less you pay, the more you get!!!
And you'll like it too.
You're right, you have to turn it off - because you sure as hell can't uninstall it.
It's unwanted, it's unneeded (Java works fine without it) and it's useless (all it does is waste memory and make Firefox take even longer to start).
So why does Sun force it onto us without even asking? Damned if I know.
Fortunately it's easy to disable. Unfortunately it gets reenabled every single time you update Java, which is a fairly routine thing thanks to the massive number of security holes lingering in Java. (Even worse, if you allow it to update automatically, this just happens in the background, so your only sign that it got reinstalled behind your back is Firefox randomly being slower).
Honestly, I only have Java installed for a couple of "enterprise" applications I use that require the massive Java bloat. I'd much prefer it keep its hooks out of my browser: Java applets are dead and have been for years. The only reason I have Java at all is thanks to the "enterprise" weenies who think that J2EE makes everything better.
But you can't keep it out of your browser. Install it, and it sticks its hooks into your browser without giving you an option. Even better, it now advertises Open Office and demands that you register Java.
But this isn't really news - Sun's been doing that for at least the past year and quite possibly longer. It's not a new feature.
It's still scummy, and makes me incredibly wary about using any Sun software (eg Open Office and MySQL) for fear of what Sun bloat now lingers in them.
Neither is benign. When you tamper with a customer's third party software, you 1. Ask them first, and 2. Let them back out easily. Microsoft and Sun did neither of these. Not only are they spitting on good software standards, they're spitting on their users by doing this.
Like getting a free oil change and complaining about the windshield sticker next service reminder?
- these are not the droids you are looking for -
Simply only allow them to be installed through Firefox. If one of these crapware installers wants to ad one, make it open Firefox with the xpi installer.
And make it default to cancel.
You are opting in to the update, not the Firefox extension. That's installed silently as part of the update. The only reason it was detected was that Firefox told him that it had been installed, after the fact. If it were, as you claim, opt-in, he would have been asked if he wanted it before it was installed. See the difference?
I can't test this myself, don't have a Windows machine here, but every time I've installed Java on Windows in the past, it scanned my machine and asked me if I wanted to install support into each of my browsers, which generally consisted of Firefox and IE. And after I said yes, it did some mucking about in the internals of my browsers to make them interact properly with JRE.
If you already did this, in the past, then you already gave them consent to integrate into your browser. So, the difference is, now you can see the evidence in your Add-On's list, where before you couldn't.
So, this doesn't resemble MS's stunt at all. Nice move posting a big fat broken link right at the top of the story, by the way. Smooth...
-1 Uncomfortable Truth
Um, JVM have always included plugins for browsers. Being shocked or surprised at this is like being flabbergasted and croggled by Mozilla Corp adding a "know your rights" bar rather than a click through EULA in version 3.05. Or like the FSF including a getwchar() in libc.
It is what it is.
Every once in a while, a PDF will render better in Acrobat Reader than Preview. But I haven't come across one in quite some time. I used to have Reader 5 as my default PDF reader on Mac OS X (years ago), because it was faster and more compatible than Preview (back then), but with Tiger and Leopard, Preview has totally kicked Reader to the curb.
I would say, since version 8 (maybe even 7), Acrobat Reader has jumped the shark, with wacky 3D features, more DRM then you can shake a stick at, Javascript scripting, video and audio support, and now just throwing in AIR, just to artificially boost their install base. Adobe seems to have forgotten what their original reason for PDF was, and is now just throwing everything they can think of into it...
Sleep your way to a whiter smile...date a dentist!
I don't see why people are upset about this.
1) The addon/plugin is tied to your computer - not your profile. It's similar to installing quicktime. It registers plugins with your browser. But for some reason it shows up as an addon rather than as a plugin - perhaps because of the featureset it requires? It looks like they split prefetching functionality from the main plugin, so that it can be disabled if desired.
2) It's easy to turn off. Just go to the java control panel and disable it. If you can't figure it out, here. (first result on google)
3) Prior to Firefox 3, nobody even knew this stuff was running. Now you do, and you actually have the option to disable it, or totally remove it. Isn't this a good thing? Why are you screaming now that you know it's there?
4) This happened something like 6 months ago.
5) This feature was not "slipped in". Sun wrote about it in April 2008. Maybe if you were going to throw a fit, you should've done it when they first announced it.
6) Technically you did choose to install the addon. It's part of Java. A checkbox when installing would be nice, but really, isn't required - especially since this is easy to disable, and the functionality is known, and has been disclosed for almost a full year.
If you want something ludicrously invasive, go look at OpenOffice. It silently steals file associations, has no way to manually register extensions, etc.; half the changes they make are so poorly documented that deploying a new version in a production environment can leave things totally FUBAR.
(not that I'm dissing them - just pointing out that this isn't a big issue to me, because Sun did just about everything right, and people are still screaming about it - typical)
I know that is a fine point for you to grasp
Ironic, since you don't have a clue. The actual reason is that if you don't use Firefox to install the add-on, Firefox doesn't know where the files are located. In addition, if they are in the application directory, a privilege elevation is required.
The worst you could say is that it's shortsighted. It is certainly not malice. These are the type of devs that deny huge memory leaks over and over again with a straight face, remember?
In any case, you can always disable any add-on. And if you think Java is malware then I wouldn't have my PC in the same state as you, let alone lend it out.